<?php
require("openConnection.php");
$forbbiden_words_array = array('<script', '%3cscript', 'script>', 'script%3e',  '%3b' );

function secure($var) {
  	global $forbbiden_words_array;
    // To protect MySQL injection and html injection
  	foreach ( $forbbiden_words_array as $forrbidden_word)
  		if( strpos($var, $forrbidden_word) !== false)
  			return 'forbidden key word found error';
  	$var = htmlentities($var, ENT_QUOTES, "UTF-8");
	$var = stripslashes($var);
	$var = mysql_real_escape_string($var);
    return $var;
  }

//clean values going into mysql
function mysql_prep( $value ) {
	$magic_quotes_active = get_magic_quotes_gpc();
	$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
	if( $new_enough_php ) { // PHP v4.3.0 or higher
		// undo any magic quote effects so mysql_real_escape_string can do the work
		if( $magic_quotes_active ) { $value = stripslashes( $value ); }
		$value = mysql_real_escape_string( $value );
	} else { // before PHP v4.3.0
		// if magic quotes aren't already on then add slashes manually
		if( !$magic_quotes_active ) { $value = addslashes( $value ); }
		// if magic quotes are active, then the slashes already exist
	}
	$value = secure($value);
	return $value;
}

foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_prep($value);
  }
//---------------------- end security function
?>